Cybersecurity Essentials: Wireless
Wireless 101: Getting Started with Wireless
July 2019
Version: 1.0.0
© 2019 Sophos Limited. All rights reserved. No part of this document may be used or reproduced
in any form or by any means without the prior written consent of Sophos.
Sophos and the Sophos logo are registered trademarks of Sophos Limited. Other names, logos and
marks mentioned in this document may be the trademarks or registered trademarks of Sophos
Limited or their respective owners.
While reasonable care has been taken in the preparation of this document, Sophos makes no
warranties, conditions or representations (whether express or implied) as to its completeness or
accuracy. This document is subject to change at any time without notice.
Sophos Limited is a company registered in England number 2096520, whose registered office is at
The Pentagon, Abingdon Science Park, Abingdon, Oxfordshire, OX14 3YP.
Through this course we will explain what wireless is and how it has evolved. We will explore what
access points are and how they are implemented.
Additionally, we will explain how wireless works, including security, beamforming, MIMO and band
steering. We will discuss wireless security threats and cover best practices for securing your
wireless network.
What is Wireless?
Wireless communication, or wireless, is the transfer of information between two or more points
that are not connected by an electrical conductor. The most common example of wireless
technology is the mobile phone, which uses radio waves from signal-transmission towers to enable
its users to make phone calls from many locations worldwide.
Wi-Fi is a wireless local area network (WLAN) technology that enables portable computing devices
to connect easily with other devices and the internet. Standardized as IEEE (Institute of Electrical
and Electronics Engineers) 802.11 a, b, g, n, ac, ax, Wi-Fi has link speeds similar to those of wired
Ethernet standards.
Wireless data communications allow wireless networking between desktop computers, laptops,
tablets and mobile devices. They are used to span a distance beyond the capabilities of typical
cabling in point-to-point and point-to-multipoint communication.
Source: https://en.wikipedia.org/wiki/Wireless
Wireless uses radio waves to communicate. These radio waves are part of the electromagnetic
spectrum. On that spectrum, radio waves span frequencies from 3kHz to 300 GHz.
For Wireless LAN the frequency ranges most commonly used are the 2.4GHz and 5GHz bands. Each
band is divided into numerous channels. Selecting the right channel can help to ensure a strong
signal with faster connection speeds.
The higher the frequency is on the spectrum, the shorter the signal range. This means that the
ability of the signal to penetrate dense objects such as brick walls is gradually reduced. Practically
this would mean you would have to have multiple access points to cover areas where there are
many walls. However, in an open-plan space, the signal quality would be better and stronger.
2.4GHz is an unlicensed frequency band on the spectrum and as such is used by more than 300
consumer devices as well as by wireless networks, including cordless phones, Bluetooth and
microwave ovens. Each band is divided into numerous channels, and if all devices connect using the
same channels, the band can become very congested, leading to interference or performance deficits.
5GHz is also an unlicensed frequency band. It is not used by as many devices as 2.4GHz and is
therefore less congested. However, as the frequency is higher, the signal range is shorter.
Most devices can support both 2.4GHz and 5GHz. A device that supports both bands is described as
dual-band.
Evolution of Wireless
[Figure: Evolution of Wireless. Stages shown: Single laptop (5 clients per AP); Laptop + Mobile (10 clients per AP); Multiple Devices (50 clients per AP); Everything Connected (500 clients per AP). Phase labels: Coverage, High Capacity, High Density.]
To meet the changing needs of a rapidly growing market, the 802.11 standard for wireless has
evolved. Amendments to the specifications are indicated by a lower case letter suffix, for example,
802.11n and 802.11ac. It is important to note that the 802.11 standard ensures compatibility with
the wired protocol used for most networks today and is part of a larger family of 802 standards.
For example, the Ethernet standard is 802.3.
802.11 a, b and g were all about basic connectivity and coverage. Laptops with integrated wireless
became more popular, and Wi-Fi was added to meeting rooms so that people could connect.
The n standard is when things really changed and became more about high capacity. Networks
needed to handle a greater number of clients connecting as people started having more than one
device. The n standard is still widely in use today.
The 802.11ac standard was designed to handle high-density networks for the proliferation of
mobile devices. 802.11ac Wave 1 was the fastest adopted standard.
Wave 2 offers a higher throughput than Wave 1. Wave 2 can reach gigabit speeds even if the
real-world throughput turns out to be only 50% of the theoretical rate. Wave 2 also supports a
higher number of connected devices.
Moving forward, 802.11ax will be introduced. It will operate in the existing 2.4GHz and
5GHz spectrums, but will also incorporate bands between 1 and 7 GHz as they become available. The
new amendment will improve overall spectral efficiency for increased throughput. It is expected
that this amendment will achieve a 4x increase in user throughput due to more efficient spectrum
utilization. Ethernet has not progressed in the same way as wireless connectivity, as such, wireless
Access Points
[Figure: a router and an access point]
An access point (AP) is a networking hardware device that allows Wi-Fi devices to connect to a
wired network. The AP usually connects to a router via a wired network as a standalone device.
However, it can also be an integral component of the router itself.
An AP connects directly to a wired Local Area Network (LAN), typically Ethernet. The AP then
provides wireless connections using wireless LAN technology, typically Wi-Fi, for other devices to
use that wired connection. APs support the connection of multiple wireless devices through a
single wired connection.
It is generally recommended that one IEEE 802.11 AP should have, at a maximum, 15-25 devices
per radio. However, the actual maximum number of devices that can be supported can vary
significantly depending on several factors, such as the type of APs in use, the density of the device
environment and the desired device throughput.
The range of communication can also vary significantly, depending on such variables as indoor or
outdoor placement, height above ground, nearby obstructions, other electronic devices that might
actively interfere with the signal by broadcasting on the same frequency, type of antenna, the
current weather, operating radio frequency, and the power output of the device.
[Figure: an access point powered through a PoE injector. Labels: Network, Power, Data/Power, PoE Injector, 12.95W.]
A Power over Ethernet (PoE) injector allows a single cable to provide both a data connection and
electric power to devices such as wireless access points.
To set up an access point with a PoE injector, the data/power cable goes from your access point
to the PoE injector. The network cable from the PoE injector is then plugged into your network
router and the power cable is plugged into power.
The IEEE 802.3af (PoE) standard supports the delivery of Power over Ethernet up to 15.4W per
port that may be used to deliver power to a variety of devices. However, only 12.95W is assured to
be available at the powered device as some power is dissipated in the cable as overhead.
[Figure: access points powered from a PoE+ switch. Labels: Network, Power, PoE, PoE + Switch, PoE+ (i.e. 120W).]
If you have an existing PoE-enabled switch, then the access point setup will look like this.
The data/power cable goes from the access point to your switch. The network cable is then
plugged into your router and the power cable is plugged into power.
If you have multiple access points you wish to power, then we would recommend using a PoE
switch.
The IEEE 802.3at (PoE+) standard supports up to 25.5W of power on the ports, allowing devices
that require more than 15.4W to power on when connected to the PoE+ ports.
Wireless access has special security considerations. Many wired networks base the security on
physical access control, trusting all the users on the local network, but if wireless access points are
connected to the network, anybody within range of the AP (which typically extends farther than
the intended area) can attach to the network.
The most common solution is wireless traffic encryption. Modern access points come with built-in
encryption. The first-generation encryption scheme, Wired Equivalent Privacy (WEP), proved easy
to crack. The second-generation scheme, Wi-Fi Protected Access (WPA), was more secure but
was superseded in 2004 by the third-generation WPA2, which is currently recommended, provided a
strong enough password or passphrase is used and the device supports WPA2.
Some APs support hotspot style authentication using RADIUS and other authentication servers.
If you drop a stone into water, the waves around the entry point form equally in all directions.
That’s exactly the same as Wi-Fi without beamforming. The signal from the antenna of an access
point is sent equally in all directions. It does not matter where the devices needing that signal
are, and so, of course, there will be some loss of signal strength.
Beamforming detects where devices are and sends an intensified signal in the direction of the
devices. This leads to better signal quality over a longer range.
Beamforming has been around for a while but as with many technologies in the wireless space,
different vendors have different ways of implementing it. With 802.11ac beamforming is part of
the specification.
SU-MIMO
Any wireless traffic between an access point and a device is always subject to interference from
objects in its way. Every wall, cupboard and even the air changes the path of the waves
transmitted.
If the radio wave signal hits an object, it is reflected and its path changes. This
change weakens the signal. When a further signal is transmitted at the same time, it may also be
reflected. This leads to these signals reaching the device at different times, which causes slow
connection speeds and affects the quality of the signal.
Single User Multiple Input Multiple Output (SU-MIMO) was introduced with 802.11n to address
this issue. It uses the reflections to collect signals across multiple antennas and combines them
into a better signal. SU-MIMO is part of the access point, which processes the signals.
MU-MIMO
• Transmits simultaneously
• Faster traffic
• Better user experience
SU-MIMO does improve the signal quality. However, because the access point transmits to each
device sequentially, under some circumstances it could run out of time, leaving all devices
with lower bandwidth.
802.11ac Wave 2 includes Multi-User MIMO (MU-MIMO). Access points supporting this feature transmit
simultaneously to multiple devices to make full use of the capacity available. With concurrent
transmissions, more devices can get more data faster, which, coupled with beamforming, can lead
to a better user experience, particularly for mobile clients, which only support a single stream of
data at any given time.
How Wireless Works
As we mentioned earlier, on the 2.4GHz band, there are many devices competing for time on
the channel.
For example, every client and access point is competing for time to talk on overlapping channels,
talking over each other. Additionally, non-Wi-Fi devices are also competing for access on 2.4GHz.
To help with this, wireless uses band steering and airtime fairness.
[Figure: link speeds of older and newer standards. Surviving labels: 802.11g; 11 Mbps, 54 Mbps, 600 Mbps, 1.3 Gbps+.]
Some environments may have older devices that run in parallel with newer devices. The older
devices will probably only support older standards. This means that they are likely to have slower
speeds and may slow down newer devices which are capable of higher speeds.
Imagine a stretch of road with road works. All traffic needs to go through the road; however, the
tractor (slower) is going to take longer than a car (faster). For every tractor let through, five cars
are let through. This is much fairer, as everyone is able to go at the speed they are capable of.
Airtime fairness does this for devices, giving each client equal amounts of air time instead of equal
volumes of data transfer. This ensures that every client has equal access to air time,
regardless of client capability, meaning higher download speeds for the newer devices when slower
devices are connected to the same access point.
2.4GHz: high traffic, slow speed
5GHz: low traffic, high speed
Multiple devices competing for time on the channel is a bit like driving on a road with a limited
number of lanes. If everybody uses that road it can become slow, with a higher risk of someone
else getting in your way and spoiling your journey.
If there is an alternative, for example a highway or motorway which has more lanes with fewer cars
and a faster speed limit, you can choose that road. For wireless devices, this is called band steering,
and it works by directing devices that are capable of using the alternative route to that route,
which eases the congestion of the smaller road.
[Figure: band steering. The access point identifies the device with MAC 11:00:22:3E:4F:55 as dual-band (2.4 & 5 GHz). Speech bubble: "That's exactly what I wanted you to do".]
Band steering works by using the MAC address of the device to determine if it is enabled for
2.4GHz or 5GHz.
A device can only connect to either 2.4 or 5GHz at any one time. If an access point has not heard
from a device before, it may delay connecting the device to 2.4GHz in the hope that it will try to
connect to 5GHz.
Some access points remember the MAC address of a device which has connected to 5GHz before and
force it to go to 5GHz instead of 2.4GHz. They do this by ignoring the request to connect to 2.4GHz.
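The steering behaviour described above, written out as a small decision model. This is an added example, not code from the course or from any access point vendor; the class name, the `DELAY_ATTEMPTS` threshold and the 2.4GHz-only MAC address are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumption: the number of 2.4GHz requests an unknown device must make before
# the AP stops waiting for it to show up on 5GHz. The course gives no figure.
DELAY_ATTEMPTS = 3

DUAL_BAND = "11:00:22:3E:4F:55"   # MAC shown in the course figure
LEGACY = "02:00:00:AA:BB:01"      # constructed MAC for a 2.4GHz-only device


@dataclass
class BandSteeringAP:
    seen_on_5ghz: set = field(default_factory=set)    # MACs heard on 5GHz
    attempts_24: dict = field(default_factory=dict)   # MAC -> 2.4GHz requests so far

    def handle_request(self, mac: str, band: str) -> str:
        """Return 'accept' or 'ignore' for a connection request on band '2.4' or '5'."""
        mac = mac.lower()
        if band == "5":
            # Remember that this MAC is 5GHz-capable and let it connect.
            self.seen_on_5ghz.add(mac)
            return "accept"
        if band != "2.4":
            raise ValueError(f"unknown band: {band!r}")
        if mac in self.seen_on_5ghz:
            # Known dual-band device: ignore the 2.4GHz request to force 5GHz.
            return "ignore"
        # Not yet heard on 5GHz: delay 2.4GHz in the hope it tries 5GHz instead.
        self.attempts_24[mac] = self.attempts_24.get(mac, 0) + 1
        if self.attempts_24[mac] < DELAY_ATTEMPTS:
            return "ignore"
        # Still only asking on 2.4GHz: treat it as a 2.4GHz-only device.
        return "accept"


def replay(events):
    """Run (mac, band) requests through a fresh AP and return its decisions."""
    ap = BandSteeringAP()
    return [ap.handle_request(mac, band) for mac, band in events]


if __name__ == "__main__":
    print(replay([(DUAL_BAND, "2.4"), (DUAL_BAND, "5"), (DUAL_BAND, "2.4")]))
    print(replay([(LEGACY, "2.4")] * DELAY_ATTEMPTS))
```

Because the MAC address is the only key, a device that presents a different MAC address is treated as never heard before and goes through the delay again.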
Evil Twin: a rogue access point spoofs your access point name
With the evolution in wireless networking, it is no surprise that there is an increased security risk
to your network.
Here are some of the ways attackers can compromise your network.
• Rogue Access Points. A rogue access point is any Wi-Fi access point that is connected to your
secured wired network without authorization. They can be set up and used for the purpose of
sniffing wireless network traffic and can be used to conduct a man-in-the-middle attack. This
means that the attacker can access your network, leaving your IT assets wide open.
• Evil Twin Access Points. This is when a rogue access point spoofs the network name of your
legitimate access point(s). This can trick users into connecting to them as they look legitimate.
• Spoofing the network name and the hardware address of your access point(s). If an attacker is
using advanced spoofing they will also use the unique protection code for your access point(s).
https://www.sophos.com/en-us/security-news-trends/best-practices/wi-fi.aspx
In order to protect your wireless network consider these recommended do’s and don’ts:
Do:
• Scan for unauthorized access points. This helps to detect rogue access points
• Use password-protected wireless networks. WPA2-secured networks are still the most secure
option
• Turn off features such as file sharing and remote access. This helps to reduce the possibility of
an attacker gaining access to your network
Do Not:
• Connect to unknown wireless networks or enable automatic Wi-Fi connections
• Access confidential business data or sensitive personal information using unsecured public Wi-Fi
• Leave unused ports connected to the network. Disconnecting them can help to reduce the
possibility of rogue access points
For further tips on Wi-Fi security best practices please see Sophos Tips for Securing your Wireless
Connection here: https://www.sophos.com/en-us/security-news-trends/best-practices/wi-fi.aspx
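One way to act on "Scan for unauthorized access points" for the evil twin and spoofed-address cases described earlier is to compare a wireless scan against an inventory of your own access points. This is an added example, not part of the course or of any Sophos product; the inventory, the scan records and their field names are constructed, and it assumes a fixed channel plan (access points that pick channels automatically need the channel check relaxed).

```python
# Constructed inventory of the organisation's own access points:
# SSID -> BSSID (radio hardware address) -> expected settings.
AUTHORIZED = {
    "CorpWiFi": {
        "02:00:00:00:10:01": {"channel": 36, "security": "WPA2"},
        "02:00:00:00:10:02": {"channel": 6, "security": "WPA2"},
    },
}

# Constructed scan results, as a survey tool or a sensor AP might report them.
SCAN = [
    {"ssid": "CorpWiFi", "bssid": "02:00:00:00:10:01", "channel": 36, "security": "WPA2"},
    {"ssid": "CorpWiFi", "bssid": "02:00:00:00:10:02", "channel": 6, "security": "WPA2"},
    # Our network name announced by hardware that is not in the inventory.
    {"ssid": "CorpWiFi", "bssid": "02:00:00:00:99:AA", "channel": 11, "security": "Open"},
    # Our name and one of our hardware addresses, but on a channel we never configured.
    {"ssid": "CorpWiFi", "bssid": "02:00:00:00:10:02", "channel": 1, "security": "WPA2"},
    # A neighbour's network: not our name, so not reported.
    {"ssid": "CoffeeShop", "bssid": "02:00:00:00:77:01", "channel": 1, "security": "WPA2"},
]


def find_suspect_aps(scan, authorized):
    """Return (bssid, verdict, reason) for every sighting that uses one of our
    network names but does not match the inventory."""
    findings = []
    for ap in scan:
        known = authorized.get(ap["ssid"])
        if known is None:
            continue  # someone else's network name
        bssid = ap["bssid"].lower()
        expected = known.get(bssid)
        if expected is None:
            findings.append((bssid, "evil-twin-suspect",
                             "our network name from an unlisted hardware address"))
            continue
        mismatches = [key for key in ("channel", "security") if ap[key] != expected[key]]
        if mismatches:
            findings.append((bssid, "spoofed-address-suspect",
                             "listed hardware address with unexpected " + ", ".join(mismatches)))
    return findings


if __name__ == "__main__":
    for finding in find_suspect_aps(SCAN, AUTHORIZED):
        print(finding)
```

A sighting that copies the name, the hardware address, the channel and the security mode of a listed access point passes this check, so wireless scanning complements the wired-side controls in the list above rather than replacing them.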
Deployment Scenarios
As networks are being re-designed and applications are increasingly mobile, the faster standards
that are now available, 802.11ac Wave 2 and 802.11ax, mean that wireless has become an
expectation. Let’s take a look at the types of solution for deploying a wireless network.
Cloud-managed Wi-Fi
Cloud-based solutions are generally cost effective and highly scalable, however, until now, they
have predominantly been offered by pure-play wireless vendors who have had little focus on
How many access points are needed for coverage and capacity?
When considering what access points to use, it is recommended that you complete a site survey.
A site survey is a set of procedures that allows you to understand the physical environment from a
radio frequency (RF) perspective and the business requirements. These procedures allow you to
plan out your site to ensure that you will have the coverage and capacity to allow applications to
perform properly over the wireless network.
The site survey is important as it allows you to estimate how many APs will be required, where
they should be placed and how they should be configured.
• A study of the area to determine existing and new radio frequency coverage areas
• Effects of walls, floors, doors, windows, plumbing, elevators, trees, buildings, mountains etc. on
RF behaviour
• Antenna requirements
• Power outputs
• Channel utilization
• RF interference source types and locations
• Wi-Fi bands in particular applications
• Your wireless network should be built to avoid interference, cross-talk and channel overlap
• Considering how many devices will be used in one area will help to determine the design of your
network
• Your wireless network needs to be secure with strong controls and authenticated protocols
The answers to these simple questions can be complex and depend on:
Availability
Can everyone on your team get online when they need to? Can they get on with a strong signal?
Poor signal strength can drag down your business with slow and dropped connections. If your
WLAN is not built to avoid things like interference, cross-talk and channel overlap, keeping your
connection will be a losing battle.
Performance
How much traffic is on your WLAN? Sometimes WLAN will even be slow with four bars. That’s
because design affects performance. Since everyone connected to a single WAP is really sharing
one wire, too many devices in one area can cause traffic jams. Putting some forethought and
Security
Is everyone on your network supposed to be there? The guest WLAN was segmented
from the rest of the wired network. WLAN security wasn’t that big of a deal. Unwanted
connections were a sap on bandwidth but not a risk to your data. Now that access to
your more sensitive business segments is available over WLAN, your wireless network
needs stronger controls and authentication protocols.
Know how wireless works and the frequency bands and standards involved
Be able to identify the different features of access points and wireless networks and their
function
Here are the skills you should be able to take away from this course.
If you feel confident that you have met these objectives, click Continue to complete the quiz.
Name the security threat that spoofs your access point name
___________________
If you have found this course useful you may also be interested in our other courses available in
this Cybersecurity Series.
To view our available courses please view the On-Demand training section in the training portal
The courses in this series are designed for individuals with no prior knowledge of the topics.
Additionally, we have a number of courses that are being developed and will be made available
soon.
We also have a list of planned courses we would like to add to this series.
If you would like to suggest a topic for a course for inclusion or to provide any feedback on this
series then please email us at globaltraining@sophos.com